﻿<FlowDocument xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
    ColumnWidth="400" FontSize="14" FontFamily="Georgia"
    Name="HelpDocument">    
    <FlowDocument.Resources>
        <Style x:Key="Normal" TargetType="Paragraph">
            <Setter Property="FontSize" Value="12"/>
            <Setter Property="FontFamily" Value="Arial" />
        </Style>
        
        <Style x:Key="Header1" TargetType="Paragraph" BasedOn="{StaticResource Normal}">
            <Setter Property="FontSize" Value="24"/>
            <Setter Property="TextDecorations">
                <Setter.Value>
                    <TextDecorationCollection>
                        <TextDecoration Location="Underline" PenOffset="1" PenThicknessUnit="FontRecommended">
                            <TextDecoration.Pen>
                                <Pen Thickness="2">
                                    <Pen.Brush>
                                        <LinearGradientBrush StartPoint="0,0.5"  EndPoint="1,0.5">
                                            <LinearGradientBrush.GradientStops>
                                                <GradientStop Color="Black" Offset="0" />
                                                <GradientStop Color="Gray" Offset="1" />
                                            </LinearGradientBrush.GradientStops>
                                        </LinearGradientBrush>
                                    </Pen.Brush>                                    
                                </Pen>
                            </TextDecoration.Pen>
                        </TextDecoration>
                    </TextDecorationCollection>

                </Setter.Value>
            </Setter>
        </Style>
        <Style x:Key="Header2" TargetType="Paragraph" BasedOn="{StaticResource Normal}">
            <Setter Property="FontSize" Value="14"/>
            <Setter Property="FontWeight" Value="Bold"/>
        </Style>
        <Style x:Key="Header3" TargetType="Paragraph" BasedOn="{StaticResource Normal}">
            <Setter Property="FontSize" Value="13"/>
            <Setter Property="FontStyle" Value="Italic"/>
        </Style>
        
    </FlowDocument.Resources>
        
    <Section Name="About" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            About Password Provider
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Password Provider is a password management application developed by me, Don Wingate. It started out as a vehicle for learning
            Microsoft's .Net WPF (Windows Presentation Framework) library. I use it all the time and find it very helpful for managing
            the many web sites and their passwords that I visit from time to time. I sincerely hope that you find it useful as well.        
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The latest version of Password Provider can be found on
            <Hyperlink NavigateUri="http://www.passwordprovider.codeplex.com">Code Plex</Hyperlink>
        </Paragraph>

    </Section>
 
    <Section Name="Welcome" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Getting Started
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            When the Password Provider is run for the first time, a new data file needs to be created, and the user is asked 
            where to put it. There is a default location, which is recommended because it is out of the way and not 
            likely to be accidentally deleted or corrupted. (However, it is the user's choice, and the file can be moved at any time.)            
        </Paragraph>   
        <Paragraph Style="{StaticResource Normal}">
            Once the file is created, it becomes the active file and will be openned automatically each time the program
            runs. The active file can be changed at any time through the file actions menu, simply by openning the desired file.
        </Paragraph>        
        <Paragraph Style="{StaticResource Normal}">
            If the active file is missing when Password Provider starts, it will prompt the
            user to either create a new file or open an existing file (or restore a file from backup, if there is one specified.) 
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            If Password Provider is uninstalled, the data file is not removed. If it is in the default location, the program will find 
            if it is reinstalled or upgraded, and give the user the option of openning it.
        </Paragraph>
    </Section>
    
    <Section Name="SetPassword" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Setting the Password
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            After the file is created, the next thing to do is set up a master password. It is important not to forget this password, 
            as it is required to open the file and run the program. This password is the 
            key to encrypt and decrypt the passwords that you create. There is NO way to retrieve the encrypted passwords without the 
            master password.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            It is possible at any time to change the master password. To do so, click 'Change Password' on the main menu.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            There is an option to specify the number of iterations used when generating the master key. The larger this value is, 
            the greater the protection, but it takes longer to compute which affects the time it takes to log in. You can 
            experiment with this value until you find the highest number that can be computed in an acceptable time span. 
            (For more details, see the <Hyperlink NavigateUri="#SecurityOverview">Security Overview</Hyperlink> section.) 
        </Paragraph>
    </Section>

    <Section Name="EnterPassword" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Authenticating the User
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            When the program is started and there is an active file, the first thing the user sees is the page to 
            enter the master password, or authenticate the user. The entered password serves as the input for a complex
            algorithm. Output from this algorithm is checked against data stored in the file for verification.
            (The password itself is not stored in the file. Rather, a one-way hash is used to verify the password. 
            For more details, see the <Hyperlink NavigateUri="#SecurityOverview">Security Overview</Hyperlink> section.)            
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The user is required to enter the password whenever the password becomes invalidated. The password
            can be invalidated when the Password Invalidation Method is set to either "Invalidate after access"
            or "Invalidate after time out." For more information on this setting, see the section on
            <Hyperlink NavigateUri="#SecurityOptionsPage">Security Options.</Hyperlink>
        </Paragraph>
    </Section>
    
    <Section Name="SitesList" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Site List View
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The site list is the main view of the application. A site is an object which contains at least one field that is password protected.
            In Password Provider, there are currently three type of sites: Login Sites, Credit Cards and Generic, which is a catch-all structure
            that can be used to securely store any small bit of information.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            A logon site is primarily a container for login and password data as required, for example, by a web site.
            Logon site also stores a name, a description, a web site Url, and password's last access date,
            and number of times the password has been accessed at the request of the user.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            A credit card item stores the credit/debit card number, security code and PIN (for debit cards) in encrypted format. 
            It also stores a name, description and expiration date. As is true for all site types, Tags can be added
            and removed from individual credit cards. Credit cards have a Web Site field, where you can associate an existing web site
            entry with the credit card. 
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            A generic site has fields for Name, Description, Tags, Web Site, and Secure Data, which is stored in encrypted format. 
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Actions
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Create New Site
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            To create a new site, simply click on the create new button. Alternatively, Control-N for a new login site, Control-K
            for a new credit card and Ctrl-G for a generic. Or, execute the command through the context menu (right click.)
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            An alternative method for creating a new site is to drag the url of a page that is loaded in your browser onto the Password Provider
            window. This will cause the Create New Site view to be shown, with the url and name fields filled in.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Delete Site
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            To delete a site, use the delete key or use the option in the right click menu.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Delete Tag
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            To delete a tag completely from all sites which have it applied, first group the sites according to tag (see the 
            <Hyperlink NavigateUri="#ViewOptionsPage">view options section</Hyperlink>) and then right click on
            the group heading. The popup menu will have an option to delete the tag. 
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            View Site Details
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            There are several ways to view the site details: use the right arrow key, click on the arrow button that appears on the right,
            and right click to bring up the context menu.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Open Web Site
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            If a login site has a Url specified, double clicking or hitting the enter key will open the site in a web browser
            (either Internet Explorer or the system default browser, depending on the browser options setting.) 
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Copy Site Secret
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Each site type has a single field that is designated as its "secret." For login sites, the secret is the password and for credit cards,
            it is the card number. Control-C will copy the secret of the currently selected site to the clipboard. Alternatively, 
            the copy command is available in the context menu (right click.)
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Send Password Key Strokes
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Execute the send password key strokes command with Control-S or by selecting it in the context menu (right click.) 
            This command causes Password Provider to simulate the key strokes for typing the password,
            as if you were typing them yourself, into the active entry box of the window of your choice. This method is a little bit
            more secure than coping the password to the clipboard, because information on the clipboard stays there until it is replaced
            with something else. When the message box pops up, prepare by bring the window you want to recieve the key strokes into view and putting the
            cursor in the field where the text should be entered. Then, after clicking
            ok on the message box, like it instructs, click next on the window you prepared. 
            
        </Paragraph>
    </Section>

    <Section Name="SiteDetails" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Site Details
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Each site type has its own details view, which is used to both create a new site and view or modify an existing one.
            The right arrow key will take you to the details view of the currently selected site. Using the mouse, you can either 
            right click and select View/Edit site or move the mouse over the right side of the view to show an arrow which can be clicked on. 
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Tags
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            A tag is a user defined field that can be used for grouping sites in the site list. Each site can have multiple tags,
            causing it to appear in more than one group. To create a new tag, open the drop-down and click the "Create New" button,
            type in the tag value, and click Ok. The tag will be added to the site and be available for selection from then on.
            To add an existing tag, simply select it from the drop down. To remove a tag from a site, unselect it from the drop down.
        </Paragraph>        
        <Paragraph Style="{StaticResource Header3}">
            Viewing Encrypted Values
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            By default, the password for login sites and card number and code for credit cards are not displayed, nor have they
            been decrypted ahead of time internally by the program. They are not actually decrypted until the value is required
            by the user.
        </Paragraph>            
        <Paragraph Style="{StaticResource Header3}">
            Generating Random Passwords
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The most secure passwords are totally random, are long and contain all different types of characters. 
            The login site details view includes a random password generator which becomes visible when both the 
            "View Clear Text" and "Show Password Generator" check boxes are checked. Select the desired length, whether to 
            include numbers, punctuation and/or special characters in the results, then click Generate. A completely random password
            is generated meeting the requirements specified and entered into the password box of the view. (Don't worry about losing
            the current password, if you click cancel the old password will remain.)
        </Paragraph>
    </Section>
    
    <Section Name="FileActions" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            File Actions
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Active File
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The active file path is displayed in the read-only text box.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            New
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Create a new Password Provider file at the selected location.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Open
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Open an existing file. It becomes the active file.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Save As
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Save the current active file to the selected location. The file remains the active file in its new location.
        </Paragraph>

    </Section>

    <Section Name="ViewOptions" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            View Options
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Color Skin
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            There are 5 different color themes to chose from.
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Sorting Method
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Sites can be sorted alphabetically, by the frequency they are accessed, and by the date of the last time they were accessed.
            Access to a site is defined as the secret of that site being decrypted, either for viewing (in the details view) or
            when the copy command, send keys command or auto-fill command are executed. 
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Grouping Method
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Sites can be displayed in groups in the site list. Sites can be grouped according to type - login sites and credit cards -
            or tags. Tags are values that are created by the user and associated with each site. A site can have multiple tags and 
            there by show up in multiple groups. For more about tags, see the
            <Hyperlink NavigateUri="#SitePropertyPage">Site Details</Hyperlink> Section.
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Window Behavior
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Run in System Tray
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The Password Provider icon will become visible in the "system tray" (the group of icons near the the clock, usually at the bottom
            right corner of the screen) and the window will be shown just above the icon. To access the menu items that normally appear
            at the top of the window, right click on the icon. When the window is hidden, left click on the icon to make it visible.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Pin Window Open
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            This setting only has effect if Run In System Tray is selected. Pinning the window open means that the window won't be hidden
            every time it is deactivated (by the user clicking something other than it.) In order to hide the window when this option is
            selected, left click on the icon.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Always on Top
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            This setting applies when the window is in normal mode. It will cause the window to always remain on top of other window.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Minimize to notification area.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            This setting applies when the window is in normal mode. When minimized, instead of the normal button on the task bar, 
            the Password Provider icon will show up in the notification area (near the clock.) Left click on the icon to make the window
            visible again.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Show Web Site Icons
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Enable or disable showing the web site icons in the list of sites.
        </Paragraph>
    </Section>
    
    <Section Name="SecurityOptions" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Secutity Options
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Password Invalidation Rule
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Never Invalidate
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The user must enter the master password only when first starting the application or
            when openning a new file.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Invalidate after access
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The master password will be invalidated following any access to an encrypted value (password,
            credit card number, etc.) The correct password will be required before access another encrypted value will be possible.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Invalidate after time out
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Selecting this option will cause the password to become invalidated after the specified number of minutes. The 
            enter password screen will automatically and immediatly appear and it will not be possible to take further action
            until the correct password has been entered.
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Encrypt Data File
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Save the data file in encrypted format. Adds an extra layer of protection and prevents anyone from reading the unprotected
            contents of the file, such as the site names, url and descriptions. Passwords and credit card numbers are still encrypted 
            separately inside the file. For more information, see the
            <Hyperlink NavigateUri="#SecurityOverview">Security Overview</Hyperlink> section.
        </Paragraph>
    </Section>
    
    <Section Name="BrowserOptions" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Browser Options
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Double click navigates to web site
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Selecting this option enables navigating to the url of the selected login site. Navigation can be performed either by 
            double clicking on the site in the list view, or hitting the enter key when the site is highlighted.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Chose browser
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Select to either use the system default browser or to always use Internet Explorer. If the system browser selected and it is not 
            Internet Explorer, then the auto fill feature will not function.
        </Paragraph>
        <Paragraph Style="{StaticResource Header3}">
            Attempt automatic fill-in
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            It is often possible, in Internet Explorer, to automatically fill in the login and password fields of the destination 
            web site. However, Password Provider is not always able to determine where on the page the login and password fields are
            located, if they are in fact on the destination page at all. Selecting this feature will enable the program to give it it's best shot!  
            Note: There is no danger in trying. If the program fails to find the password field, the password will not be decrypted, nothing
            will happen. 
        </Paragraph>

    </Section>

    <Section Name="Tips" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Tips
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            F2 key brings up help no matter where you are in the program.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Navigating to a web site: Hit enter key when desired site is active or double click on item in list.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Viewing site details: Use the right arrow key or the arrow button at right side of view.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Create new site: Use Control-N for new login site, Control-K for new credit card.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Drag and drop a web site address from your browser into the Password Provider window to create a new site
            with the url and name fields filled in.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Entering password in web site: when auto-fill fails, send the password key strokes directly to the site's password
            entry field using the Send Keys feature (Control-S) 
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            To remove a tag from all sites that have it applied, set the grouping method to "group by tag" and right click when
            the mouse is above the group header that represents the tag you want to remove. An option to delete tag will
            be in the dropdown menu.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            If you forget how to do something, try right clicking to bring up the context menu. Or, hit F2 for help.
        </Paragraph>
    </Section>

    <Section Name="SecurityOverview" BreakPageBefore="True">
        <Paragraph Style="{StaticResource Header1}">
            Security Overview
        </Paragraph>
        <Paragraph Style="{StaticResource Header2}">
            Encryption Algorithm
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Encryption is implemnted in two basic parts, first, generating a 256 bit key from the supplied master password,
            and second, using that key to encrypt the values contained in the data file.
            Both the master key generation and the encryption steps are performed using built-in .Net utilities. 
            Key generation takes three parameters: the user entered password, a random value called a SALT, and a value which 
            specifies the number of iterations used in the method internally when generating the key. The larger the 
            number of iterations, the more secure - harder to crack - is the key that is generated and, it follows, more 
            securely encrypted values.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            When a new file is created the user is prompted to enter a password to serve as the master password for the file. 
            At this point the master key is generated for the first time, the random value SALT that is generated and used in the key
            generation is stored in the file along with the number of iterations. These values along with the password serve as the data 
            for regenerating the key each time the user logs in. Along with the SALT and number of iterations, a value called a 
            HASH is generated from the key. Creating a hash is a one-way operation - given the same input the output is always the same,
            but the input cannot be arrived at from the output. Because of this property, a hash can be used to validate the password that the user enters.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The key itself is not stored in the data file, of course, as that would be giving away the means to decrypt all the encrypted
            values in the file. The Key is generated when the user enters the password. It is stored in a single location of memory within
            the running program, where it remains until either the program is terminated or is wiped from memory in response to 
            the user setting for invalidating the password. Additionally, the memory used for storing the secret key is protected using
            the ProtectedMemory class in the .Net cryptographic library, making it secure against memory scanning, memory dumping and
            other potential points of attack. 
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            The master password (and the master key) is required for both encrypting and decrypting values. Both operations use the
            Rijndael symmetric encryption algorithm as provide by Microsoft as part of the .Net framework. The main parameter
            to the encryption algorithm a 256 bit key. Instead of using the master key directly, an intermediate key value is
            generated with the master key as input along with a separate, unique SALT value that is then stored with the encryped value
            in the data file. This manuver adds another layer of obfuscation to the final encrypted value.
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            For more detailed information about the algorithms used for encryping values, start with Microsoft documentation on the 
            cryptography library:
        </Paragraph>
        <List>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    <Hyperlink Tag="Browser"
                        NavigateUri="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes.aspx"
                        ToolTip="{Binding RelativeSource={RelativeSource Self}, Path=NavigateUri}">
                        Rfc2898DeriveBytes</Hyperlink>
                    for key generation.
                </Paragraph>
            </ListItem>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    <Hyperlink Tag="Browser"
                        NavigateUri="http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged.aspx"
                        ToolTip="{Binding RelativeSource={RelativeSource Self}, Path=NavigateUri}">
                        RijndaelManaged</Hyperlink>
                    for encrypting values.
                </Paragraph>
            </ListItem>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    <Hyperlink Tag="Browser"
                        NavigateUri="http://msdn.microsoft.com/en-us/library/system.security.cryptography.sha512managed.aspx"
                        ToolTip="{Binding RelativeSource={RelativeSource Self}, Path=NavigateUri}">
                        SHA512Managed</Hyperlink>
                    for hash computation.
                </Paragraph>
            </ListItem>
        </List>
        <Paragraph Style="{StaticResource Header2}">
            Internal Security Measures
        </Paragraph>
        <Paragraph Style="{StaticResource Normal}">
            Significant measures have been taken to ensure that the executing program is safe from external attacks such as memory snooping.
            These measures include:
        </Paragraph>
        <List>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    Never passing unencrypted values between methods and never storing unencrypted values in memory. Encrypted values
                    are only exposed within the method body of the decryption method itself. They are immediatly inserted into what Microsoft 
                    calls a Secure String - part of the .Net library. A secure string is itself an encrypted value which stores its data
                    in unmanaged memory which is totally separate from the .Net runtime. The secure string does not release its data until
                    absolutely necessary for the activities of the program user, such as to send key strokes to the active window or to 
                    enter the password programmatically into a web site.
                </Paragraph>
            </ListItem>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    The master key that is generated from the master password is at no point stored in persistant memory (it is not written
                    to the hard disk.) It resides in a single location of memory that is protected by a special .Net cryptography utility class. 
                    When the password is invalidated (see
                    <Hyperlink NavigateUri="#SecurityOptionsPage">Security Options</Hyperlink>) the key 
                    data is immediatly wiped from memory by being overwritten with zeros.  
                </Paragraph>
            </ListItem>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    An option to encrypt the entire data file before writing to disk. The encryption method used for encrypting the file
                    is the same as for encrypting values; the encryption is dependent on a secret key generated from the user's 
                    password. 
                </Paragraph>
            </ListItem>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    A double-blind method for encrypting values - a separate SALT and Key is used for each encrypted value, 
                    this in addition to the master key that is generated from the master password.
                </Paragraph>
            </ListItem>
            <ListItem>
                <Paragraph Style="{StaticResource Normal}">
                    The send password keys feature is a security enhancement since it prevents the need to use the system clipboard, which
                    is very vulnerable.
                </Paragraph>
            </ListItem>
        </List>
    </Section>


</FlowDocument>
